<?php

require_once('../include/GeneralTop.php');
require('../include/class/db.php');

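// Login handler: runs only when the form below has been submitted.
//
// Flow: validate the shape of the posted credentials, look the account up,
// make the role decision, and only then create the authenticated session.
// Every redirect is followed by exit so nothing further executes or is sent
// once the Location header has been set.
if (isset($_POST['txtLoginId'])) {
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "ShowNews.php";
    $MM_redirectLoginFailed = "AdminLogin.php?param=fail";

    $loginUsername = $_POST['txtLoginId'];
    $password = isset($_POST['txtPassword']) ? $_POST['txtPassword'] : null;

    // PHP turns "txtLoginId[]=x" into an array. Refuse anything that is not a
    // plain string before it reaches md5() or the SQL helper, and treat a
    // missing password field as a failed login rather than raising a notice.
    if (!is_string($loginUsername) || !is_string($password)) {
        header("Location: " . $MM_redirectLoginFailed);
        exit;
    }

    $db = new db;

    // The statement is assembled with sprintf(); quoting and escaping of both
    // values is delegated entirely to GetSQLValueString(), which is defined
    // outside this file.
    // NOTE(review): confirm that helper escapes for the active DB connection and
    // charset; a prepared statement would remove the dependency, if the db
    // class offers one.
    // NOTE(review): passwords are matched as unsalted MD5 digests, which are
    // cheap to brute-force if the member_info table is ever disclosed. Moving
    // to password_hash()/password_verify() requires re-hashing stored values,
    // so it is not changed here.
    $sql = sprintf(
        "SELECT member_id, member_login, password, role FROM member_info WHERE member_login=%s AND password=%s",
        GetSQLValueString($loginUsername, "text"),
        GetSQLValueString(md5($password), "text")
    );

    $res = $db->query($sql);
    $loginFoundUser = $db->num($res);

    // No matching row: same failure page as every other rejection, so the
    // response does not distinguish an unknown user from a wrong password.
    if (!(0 < $loginFoundUser)) {
        header("Location: " . $MM_redirectLoginFailed);
        exit;
    }

    $row = $db->fetch($res);
    $role = (int)$row['role'];

    // Ordinary members are refused here. The check comes BEFORE any session
    // variable is written: previously the session was populated first, so a
    // refused account still left with MM_Username / MM_UserGroup set and would
    // pass any page that only tests for their presence.
    if (MEMBER_ORDINARY === $role) {
        header("Location: " . $MM_redirectLoginFailed);
        exit;
    }

    // Issue a fresh session id at the privilege change so an id that was known
    // before login (session fixation) is not carried into the authenticated
    // session. Guarded because the session is presumably started by
    // GeneralTop.php — TODO confirm.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['MM_Username_id'] = $row['member_id'];
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $row['role'];

    // The former "return to $_SESSION['PrevUrl']" branch was hard-disabled
    // (`&& false`) and has been dropped as unreachable. If it is ever restored,
    // the target must be checked against a list of local pages before it is
    // placed in a Location header.
    if (MEMBER_PAID === $role) {
        $MM_redirectLoginSuccess = "HappyHome.php";
    }

    header("Location: " . $MM_redirectLoginSuccess);
    exit;
}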
?>
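<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="../Felix_css.css" rel="stylesheet" type="text/css" />
<title>Admin Login</title>
</head>

<body>
<table width="299" border="0" cellspacing="0" cellpadding="0" align="center" class="font_12px_gray">
<?php
// Login form template.
// $loginFormAction is not assigned anywhere in this file; it may come from an
// include. It is therefore guarded with isset() (an empty action posts back to
// this page) and HTML-escaped for the attribute context, so a value derived
// from the request URL cannot break out of the attribute.
// NOTE(review): the form carries no anti-CSRF token — confirm whether one is
// enforced elsewhere.
?>
<form id="form1" name="form1" method="POST" action="<?php echo htmlspecialchars(isset($loginFormAction) ? (string)$loginFormAction : '', ENT_QUOTES, 'UTF-8'); ?>">
  
    <tr>
      <td width="104">用户名:</td>
      <td width="195"><label>
        <input type="text" name="txtLoginId" id="txtLoginId"  size="20"/>
      </label></td>
    </tr>
    <tr>
      <td>密 码:</td>
      <td><input type="password" name="txtPassword" id="txtPassword" size="22"/></td>
    </tr>
    <tr>
      <td colspan="2" align="center"><label>
        <input type="submit" name="submit" id="submit" value="登陆" />
      </label></td>
    </tr>
    <?php
    // Show the generic failure notice after a rejected login. The request value
    // is only compared against a constant and is never echoed back.
    if(isset($_GET['param']) && 'fail' === $_GET['param']) {
    ?>
    <tr>
      <td colspan="2" align="center" style="padding-top:5px;">
         <font color="red">用户名或密码错误，请重新输入</font>
      </td>
    </tr>
    <?php
    }
    ?>
    </form>
  </table>

</body>
</html>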